This issue was originaly reported in January, 2000 http://www.security.nnov.ru/2000/january/#IEIMAGE
And was reported to Microsoft. Microsoft didn't accepted this bug as security related but promised to "file a bug report with IE team". http://www.security.nnov.ru/2000/january/ie5img2.html Message to Bugtraq was moderated by Aleph One as unimportant, so publicly information was published one year later on vuln-dev. http://cert.uni-stuttgart.de/archive/vuln-dev/2001/06/msg00094.html and published as advisory http://www.security.nnov.ru/advisories/ie5freeze.asp?l=RU Nobody reacted. Amount of buzz about it now makes me think Internet Explorer security is now really better than it was 4 years ago :) -- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } You know my name - look up my number (The Beatles) +-------------o66o--+ / |/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
